lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 29 Oct 2003 09:49:23 +0100 (MET)
From: "Oliver Karow" <Oliver.Karow@....de>
To: bugtraq@...urityfocus.com
Cc: horst.haas@...Condex.de
Subject: TelCondex SimpleWebserver Buffer Overflow


TelCondex SimpleWebserver Buffer Overflow
=========================================

The TelCondex SimpleWebserver 2.12.30210 Build 3285 is vulnerable to a 
remote executable buffer overflow, due to missing length check on the 
referer-variable of the HTTP-header.

It is possible to overwrite the stack, and therefore to execute 
arbitrary code on the system. 

The vuln can be tested with netcat or telnet:

netcat webserver 80

GET /index.htm HTTP/1.0\r\n
Referer: 700 x [A]\r\n\r\n

The Webserver crashes at >= 700 bytes. A buffer of 704 bytes will overwrite 
the return address on the stack.

The vendor was informed about the vuln on Mon. 27.10.03, and respondet
on Tue. 28.10.03 with a fixed version!

The new (fixed) version (2.13) is available at:

http://www.yourinfosystem.de/download/TcSimpleWebServer2000Setup.exe


Regards,

Oliver Karow

email: oliver.karow_AT_gmx.de
web:   www.oliverkarow.de

-- 
NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien...
Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService

Jetzt kostenlos anmelden unter http://www.gmx.net

+++ GMX - die erste Adresse für Mail, Message, More! +++

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ